.RB [ \-width
.IR columns ]
.RB [ \-sasl ]
+.RB [ \-nosasl ]
+.RB [ \-saslmaxssf
+.IR ssf ]
.RB [ \-saslmech
.IR mechanism ]
.RB [ \-user
.B nmh
has been compiled with SASL support, the
.B \-sasl
-switch will enable
+and
+.B \-nosasl
+switches will enable and disable
the use of SASL authentication with the SMTP MTA. Depending on the
SASL mechanism used, this may require an additional password prompt from the
user (but the
Encrypted data is labelled with `(sasl-encrypted)' and `(sasl-decrypted)' when
viewing the SMTP transaction with the
.B \-snoop
-switch.
+switch. The
+.B \-saslmaxssf
+switch can be used to select the maximum value of the Security Strength Factor.
+This is an integer value and the exact meaning of this value depends on the
+underlying SASL mechanism. A value of 0 disables encryption.
.PP
If
.B nmh
.RB [ \-port
.IR port-name/number ]
.RB [ \-sasl ]
+.RB [ \-nosasl ]
+.RB [ \-saslmaxssf
+.IR ssf ]
.RB [ \-saslmech
.IR mechanism ]
.RB [ \-user
.B nmh
has been compiled with SASL support, the
.B \-sasl
-switch will enable
+and
+.B \-nosasl
+switches will enable and disable
the use of SASL authentication with the SMTP MTA. Depending on the
SASL mechanism used, this may require an additional password prompt from the
user (but the
Encrypted data is labelled with `(encrypted)' and `(decrypted)' when
viewing the SMTP transaction with the
.B \-snoop
-switch.
+switch. The
+.B \-saslmaxssf
+switch can be used to select the maximum value of the Security Strength Factor.
+This is an integer value and the exact meaning of this value depends on the
+underlying SASL mechanism. A value of 0 disables encryption.
.PP
If
.B nmh
* static prototypes
*/
static int smtp_init (char *, char *, char *, int, int, int, int, int, int,
- char *, char *, int);
+ int, char *, char *, int);
static int sendmail_init (char *, char *, int, int, int, int, int, int,
- char *, char *);
+ int, char *, char *);
static int rclient (char *, char *);
static int sm_ierror (char *fmt, ...);
* Function prototypes needed for SASL
*/
-static int sm_auth_sasl(char *, char *, char *);
+static int sm_auth_sasl(char *, int, char *, char *);
#endif /* CYRUS_SASL */
int
sm_init (char *client, char *server, char *port, int watch, int verbose,
- int debug, int onex, int queued, int sasl, char *saslmech,
- char *user, int tls)
+ int debug, int onex, int queued, int sasl, int saslssf,
+ char *saslmech, char *user, int tls)
{
if (sm_mts == MTS_SMTP)
return smtp_init (client, server, port, watch, verbose,
- debug, onex, queued, sasl, saslmech, user, tls);
+ debug, onex, queued, sasl, saslssf, saslmech,
+ user, tls);
else
return sendmail_init (client, server, watch, verbose,
- debug, onex, queued, sasl, saslmech, user);
+ debug, onex, queued, sasl, saslssf, saslmech,
+ user);
}
static int
smtp_init (char *client, char *server, char *port, int watch, int verbose,
int debug, int onex, int queued,
- int sasl, char *saslmech, char *user, int tls)
+ int sasl, int saslssf, char *saslmech, char *user, int tls)
{
#ifdef CYRUS_SASL
char *server_mechs;
saslmech, server_mechs);
}
- if (sm_auth_sasl(user, saslmech ? saslmech : server_mechs,
+ if (sm_auth_sasl(user, saslssf, saslmech ? saslmech : server_mechs,
server) != RP_OK) {
sm_end(NOTOK);
return NOTOK;
int
sendmail_init (char *client, char *server, int watch, int verbose,
int debug, int onex, int queued,
- int sasl, char *saslmech, char *user)
+ int sasl, int saslssf, char *saslmech, char *user)
{
#ifdef CYRUS_SASL
char *server_mechs;
#else /* CYRUS_SASL */
NMH_UNUSED (server);
NMH_UNUSED (sasl);
+ NMH_UNUSED (saslssf);
NMH_UNUSED (saslmech);
NMH_UNUSED (user);
#endif /* CYRUS_SASL */
saslmech, server_mechs);
}
- if (sm_auth_sasl(user, saslmech ? saslmech : server_mechs,
+ if (sm_auth_sasl(user, saslssf, saslmech ? saslmech : server_mechs,
server) != RP_OK) {
sm_end(NOTOK);
return NOTOK;
* (optionally) negotiated a security layer.
*/
static int
-sm_auth_sasl(char *user, char *mechlist, char *inhost)
+sm_auth_sasl(char *user, int saslssf, char *mechlist, char *inhost)
{
int result, status;
unsigned int buflen, outlen;
memset(&secprops, 0, sizeof(secprops));
secprops.maxbufsize = SASL_MAXRECVBUF;
- secprops.max_ssf = tls_active ? 0 : UINT_MAX;
+ secprops.max_ssf = tls_active ? 0 : (saslssf != -1 ? saslssf : UINT_MAX);
result = sasl_setprop(conn, SASL_SEC_PROPS, &secprops);
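Review bot: The added `secprops.max_ssf = tls_active ? 0 : (saslssf != -1 ? saslssf : UINT_MAX);` converts the int saslssf to the unsigned max_ssf implicitly, so any negative value other than the -1 sentinel would turn into a very large SSF ceiling rather than a small one; the option parsers in this commit only ever leave the value at -1 or a non-negative number, but this line depends on that invariant without saying so. I would make the sentinel explicit and the conversion visible, `secprops.max_ssf = tls_active ? 0 : (saslssf < 0 ? UINT_MAX : (unsigned int) saslssf);`, with a comment such as `/* saslssf < 0: no -saslmaxssf given, so no user-imposed cap */`; behaviour is unchanged for the values the parser can produce. sm_auth_sasl starts and continues outside the hunk.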
* prototypes
*/
/* int client (); */
-int sm_init (char *, char *, char *, int, int, int, int, int, int, char *, char *, int);
+int sm_init (char *, char *, char *, int, int, int, int, int, int, int, char *, char *, int);
int sm_winit (int, char *);
int sm_wadr (char *, char *, char *);
int sm_waend (void);
{ "queued", -6 },
#define SASLSW 37
{ "sasl", SASLminc(-4) },
-#define SASLMECHSW 38
+#define NOSASLSW 38
+ { "nosasl", SASLminc(-6) },
+#define SASLMXSSFSW 39
+ { "saslmaxssf", SASLminc(-10) },
+#define SASLMECHSW 40
{ "saslmech", SASLminc(-5) },
-#define USERSW 39
+#define USERSW 41
{ "user", SASLminc(-4) },
-#define PORTSW 40
+#define PORTSW 42
{ "port server port name/number", 4 },
-#define TLSSW 41
+#define TLSSW 43
{ "tls", TLSminc(-3) },
-#define FILEPROCSW 42
+#define FILEPROCSW 44
{ "fileproc", -4 },
-#define MHLPROCSW 43
+#define MHLPROCSW 45
{ "mhlproc", -3 },
{ NULL, 0 }
};
static int linepos=0; /* putadr()'s position on the line */
static int nameoutput=0; /* putadr() has output header name */
static int sasl=0; /* Use SASL auth for SMTP */
+static int saslssf=-1; /* Our maximum SSF for SASL */
static char *saslmech=NULL; /* Force use of particular SASL mech */
static char *user=NULL; /* Authenticate as this user */
static char *port="smtp"; /* Name of server port for SMTP */
case SASLSW:
sasl++;
continue;
+
+ case NOSASLSW:
+ sasl = 0;
+ continue;
+
+ case SASLMXSSFSW:
+ if (!(cp = *argp++) || *cp == '-')
+ adios (NULL, "missing argument to %s", argp[-2]);
+ saslssf = atoi(cp);
+ continue;
case SASLMECHSW:
if (!(saslmech = *argp++) || *saslmech == '-')
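Review bot: `saslssf = atoi(cp);` in the new SASLMXSSFSW case accepts any string: a non-numeric argument such as `-saslmaxssf foo` silently becomes 0, which per the man page text in this same commit disables the SASL security layer, and a value that does not fit in an int is undefined behaviour for atoi. Parse with strtol and reject anything that is not a complete non-negative decimal number, e.g. `char *end; saslssf = (int) strtol (cp, &end, 10);` followed by `if (end == cp || *end != '\0' || saslssf < 0) adios (NULL, "bad argument to %s", argp[-2]);` (an ERANGE check via errno as well if errno.h is already in scope). The existing `*cp == '-'` test already keeps negative numbers out, so after this validation the only values reaching sm_auth_sasl are -1 (unset) or a non-negative cap. The enclosing switch statement begins and ends outside the hunk.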
sigon ();
if (rp_isbad (retval = sm_init (clientsw, serversw, port, watch, verbose,
- snoop, onex, queued, sasl, saslmech,
- user, tls))
+ snoop, onex, queued, sasl, saslssf,
+ saslmech, user, tls))
|| rp_isbad (retval = sm_winit (smtpmode, from)))
die (NULL, "problem initializing server; %s", rp_string (retval));
if (!whomsw || checksw)
if (rp_isbad (retval = sm_init (clientsw, serversw, port, watch,
verbose, snoop, 0, queued, sasl,
- saslmech, user, tls))
+ saslssf, saslmech, user, tls))
|| rp_isbad (retval = sm_winit (smtpmode, from)))
die (NULL, "problem initializing server; %s", rp_string (retval));
{ "snoop", 5 },
#define SASLSW 37
{ "sasl", SASLminc(4) },
-#define SASLMECHSW 38
+#define NOSASLSW 38
+ { "nosasl", SASLminc(-6) },
+#define SASLMXSSFSW 39
+ { "saslmaxssf", SASLminc(-10) },
+#define SASLMECHSW 40
{ "saslmech mechanism", SASLminc(-5) },
-#define USERSW 39
+#define USERSW 41
{ "user username", SASLminc(-4) },
-#define ATTACHSW 40
+#define ATTACHSW 42
{ "attach", 6 },
-#define ATTACHFORMATSW 41
+#define ATTACHFORMATSW 43
{ "attachformat", 7 },
-#define PORTSW 42
+#define PORTSW 44
{ "port server-port-name/number" , 4 },
-#define TLSSW 43
+#define TLSSW 45
{ "tls", TLSminc(-3) },
{ NULL, 0 }
};
case SOMLSW:
case SNOOPSW:
case SASLSW:
+ case NOSASLSW:
case TLSSW:
vec[vecp++] = --cp;
continue;
case CLIESW:
case SERVSW:
case SASLMECHSW:
+ case SASLMXSSFSW:
case USERSW:
case PORTSW:
vec[vecp++] = --cp;
{ "nodraftfolder", -3 },
#define SASLSW 36
{ "sasl", SASLminc(-4) },
-#define SASLMECHSW 37
+#define NOSASLSW 37
+ { "nosasl", SASLminc(-6) },
+#define SASLMXSSFSW 38
+ { "saslmaxssf", SASLminc(-10) },
+#define SASLMECHSW 39
{ "saslmech", SASLminc(-5) },
-#define USERSW 38
+#define USERSW 40
{ "user", SASLminc(-4) },
-#define SNDATTACHSW 39
+#define SNDATTACHSW 41
{ "attach file", 6 },
-#define SNDATTACHFORMAT 40
+#define SNDATTACHFORMAT 42
{ "attachformat", 7 },
-#define PORTSW 41
+#define PORTSW 43
{ "port server-port-name/number", 4 },
-#define TLSSW 42
+#define TLSSW 44
{ "tls", TLSminc(-3) },
{ NULL, 0 }
};
case SOMLSW:
case SNOOPSW:
case SASLSW:
+ case NOSASLSW:
case TLSSW:
vec[vecp++] = --cp;
continue;
case WIDTHSW:
case CLIESW:
case SERVSW:
+ case SASLMXSSFSW:
case SASLMECHSW:
case USERSW:
case PORTSW: